Quiet May Patch Tuesday follows record April

Microsoft is giving hard-pressed sysadmins a bit of a breather this month with plans to release only two updates during the May edition of its regular Patch Tuesday monthly update cycle.

Just one of the two bulletins due to be published next Tuesday covers a critical update, in sharp contrast to the record-breaking crop of 17 bulletins addressing 64 vulnerabilities that arrived in April.

The critical update in May's batch involves an unspecified flaw in Windows, but only affects Windows Server 2003 and Server 2008. The second bulletin – rated important – means that Office XP, 2003, 2007 and 2004 for Mac will need patching.

The latest version of Microsoft's application suite is not affected by the flaw.

Despite the light patch load, security experts urge sysadmins not to dismiss the updates as unimportant. "Both bulletins are for remote code-execution vulnerabilities, so IT administrators should track them closely and address them quickly," said Wolfgang Kandek, CTO at vulnerability scanning services firm Qualys. ®